[gentoo-commits] proj/qa-scripts:master commit in: /

Tue, 17 Jul 2018 15:13:53 -0700 

commit:     e3117dda8d6e68ddc312298c0ffd2debacf9021a
Author:     Michał Górny <mgorny <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 17 22:12:51 2018 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Tue Jul 17 22:13:09 2018 +0000
URL:        https://gitweb.gentoo.org/proj/qa-scripts.git/commit/?id=e3117dda

Add a script to fetch OpenPGP keys

 create-dev-keyrings.bash | 61 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)

diff --git a/create-dev-keyrings.bash b/create-dev-keyrings.bash
new file mode 100755
index 0000000..ea31587
--- /dev/null
+++ b/create-dev-keyrings.bash
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+OUTPUT_DIR=${1:-.}
+
+COMMIT_RULE='(&(gentooAccess=git.gentoo.org/repo/gentoo.git)(gentooStatus=active))'
+NONCOMMIT_RULE='(&(!(gentooAccess=git.gentoo.org/repo/gentoo.git))(gentooStatus=active))'
+RETIRED_RULE='(!(gentooStatus=active))'
+
+# grab_ldap_fingerprints <ldap-rule>
+grab_ldap_fingerprints() {
+       ldapsearch "${1}" -Z gpgfingerprint -LLL |
+               sed -n -e '/^gpgfingerprint: /{s/^.*://;s/ //g;p}' |
+               sort -u |
+               grep -v undefined
+}
+
+# grab_keys <fingerprint>...
+grab_keys() {
+       local retries=0
+       local missing=()
+       local remaining=( "${@}" )
+
+       while :; do
+               gpg -q --recv-keys "${remaining[@]}" || :
+               missing=()
+               for key in "${remaining[@]}"; do
+                       gpg --list-public "${key}" &>/dev/null || missing+=( 
"${key}" )
+               done
+
+               [[ ${#missing[@]} -ne 0 ]] || break
+
+               # if we did not make progress, give it a few seconds and retry
+               if [[ ${#missing[@]} -eq ${#remaining[@]} ]]; then
+                       if [[ $(( retries++ )) -gt 3 ]]; then
+                               echo "Unable to fetch the following keys:"
+                               printf '%s\n' "${missing[@]}"
+                               exit 1
+                       fi
+                       sleep 5
+               fi
+
+               remaining=( "${missing[@]}" )
+       done
+}
+
+set -e
+
+COMMITTING_DEVS=( $(grab_ldap_fingerprints "${COMMIT_RULE}") )
+NONCOMMITTING_DEVS=( $(grab_ldap_fingerprints "${NONCOMMIT_RULE}") )
+#RETIRED_DEVS=( $(grab_ldap_fingerprints "${RETIRED_RULE}") )
+
+export GNUPGHOME=$(mktemp -d)
+trap 'rm -rf "${GNUPGHOME}"' EXIT
+
+grab_keys "${COMMITTING_DEVS[@]}"
+gpg --export > "${OUTPUT_DIR}"/committing-devs.gpg
+grab_keys "${NONCOMMITTING_DEVS[@]}"
+gpg --export > "${OUTPUT_DIR}"/active-devs.gpg
+# -- not all are on keyservers
+#grab_keys "${RETIRED_DEVS[@]}"
+#gpg --export > "${OUTPUT_DIR}"/all-devs.gpg

Reply via email to